Security Advisory for WPA-2 Vulnerabilities.
NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:
- Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.
- Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
- Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.
- Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.
If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:
- Eavesdrop on communication between the affected product and the router to which it connects.
- Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted traffic, such as banking website sessions and Arlo camera feeds, remains protected.
These WPA-2 vulnerabilities affect the following products:
Orbi WiFi Systems:
- RBS50 running firmware version 184.108.40.206 or earlier
- RBS40 running firmware version 220.127.116.11 or earlier
- RBW30 running firmware version 18.104.22.168 or earlier
Routers and Gateways (when used in bridge mode):
- JR6150 running firmware version 22.214.171.124 or earlier
- R6020 running firmware version 126.96.36.199 or earlier
- R6050 running firmware version 188.8.131.52 or earlier
- R6080 running firmware version 184.108.40.206 or earlier
- R6100 running firmware version 220.127.116.11 or earlier
- R6120 running firmware version 18.104.22.168 or earlier
- R6220 running firmware version 22.214.171.124 or earlier
- R6250 running firmware version 126.96.36.199 or earlier
- R6700v2 running firmware version 188.8.131.52 or earlier
- R6800 running firmware version 184.108.40.206 or earlier
- R7000 running firmware version 220.127.116.11 or earlier
- R7500 running firmware version 18.104.22.168 or earlier
- R7500v2 running firmware version 22.214.171.124 or earlier
- R7800 running firmware version 126.96.36.199 or earlier
- R8300 running firmware version 188.8.131.52 or earlier
- R8500 running firmware version 184.108.40.206 or earlier
- R9000 running firmware version 220.127.116.11 or earlier
WiFi Range Extenders:
- EX2700 running firmware version 18.104.22.168 or earlier
- EX3700 running firmware version 22.214.171.124 or earlier
- EX3800 running firmware version 126.96.36.199 or earlier
- EX6000 running firmware version 188.8.131.52_1.0.11 or earlier
- EX6100v1 running firmware version 184.108.40.206_1.1.130 or earlier
- EX6100v2 running firmware version 220.127.116.11 or earlier
- EX6120 running firmware version 18.104.22.168_1.0.20 or earlier
- EX6130 running firmware version 22.214.171.124 or earlier
- EX6150v1 running firmware version 126.96.36.199_1.0.68 or earlier
- EX6150v2 running firmware version 188.8.131.52 or earlier
- EX6200v1 running firmware version 184.108.40.206_1.1.111 or earlier
- EX6200v2 running firmware version 220.127.116.11 or earlier
- EX6400 running firmware version 18.104.22.168 or earlier
- EX7000 running firmware version 22.214.171.124_1.0.101 or earlier
- EX7300 running firmware version 126.96.36.199 or earlier
- WN2000RPTv3 running firmware version 188.8.131.52 or earlier
- WN3000RPv3 running firmware version 184.108.40.206 or earlier
- WN3100RPv2 running firmware version 220.127.116.11 or earlier
- A6100 running firmware version 18.104.22.168 or earlier
- A6210 running firmware version 22.214.171.124 or earlier
- A7000 running firmware version 126.96.36.199 or earlier
- WNA3100M running firmware version 188.8.131.52 or earlier
- WNDA3100v3 running firmware version 184.108.40.206 or earlier
Wireless Access Points:
- WAC104 running firmware versions prior to 220.127.116.11
- WAC120 running firmware versions prior to 2.1.5
- WAC505 running firmware versions prior to 18.104.22.168
- WAC510 running firmware versions prior to 22.214.171.124
- WAC720 running firmware versions prior to 126.96.36.199
- WAC730 running firmware versions prior to 188.8.131.52
- WN604 running firmware versions prior to 3.3.8
- WNAP210v2 running firmware versions prior to 184.108.40.206
- WNAP320 running firmware versions prior to 220.127.116.11
- WND930 running firmware versions prior to 2.1.3
- WNDAP350 running firmware versions prior to 18.104.22.168
- WNDAP360 running firmware versions prior to 22.214.171.124
- WNDAP620 running firmware versions prior to 2.1.4
- WNDAP660 running firmware versions prior to 126.96.36.199
Firmware fixes are currently available for the following affected products:
To download the latest firmware for your NETGEAR product:
- Visit NETGEAR Support.
- Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
- Click Downloads.
- Under Current Versions, select the download whose title begins with Firmware Version.
- Click Download.
- (Optional) To view the release notes for this firmware version, click Release Notes.
- Unzip the new firmware to an easy-to-find location, such as your desktop.
- Follow the firmware upgrade instructions in your product’s user manual, which is available on your product’s support page under User Guides and Documentation.
NETGEAR strongly recommends that you download the latest firmware as soon as possible.
For Arlo and Orbi products, firmware updates are sent to your devices automatically. You do not need to update your firmware manually.
Until a firmware fix is available for your product, NETGEAR recommends that you follow these workaround procedures:
- For Wireless Routers in Bridge Mode: disable Bridge Mode or power off the bridge router. For more information, see your product’s user manual or one of the following knowledge base articles:
- For Mobile Hotspots using the WiFi Offload feature: disable WiFi Offload. For more information, see your product’s user manual.
Meer updates volgen zodra deze beschikbaar zijn.
Bron: Netgear support